
1 Network Optimization Research Laboratory
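The Proposal of Near Optimal Network Defense Resource Allocation Policies for Maximization of Network Survivability
(Chinese title: Near-Optimal Defense Resource Allocation Policies for Maximizing Network Survivability, Computed Using the Degree of Network Separation)
Wendy Y.F. Wen, Network Optimization Research Laboratory, Dept. of IM, NTU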

2 Outline
Background
Motivation
Concept of DOS
Problem Formulation: Model 1, Model 2
Solution Approach

3 Background
We have become dependent on the computer networks that support our daily lives, and our reliance on these networks has made us more vulnerable to their disruption. The concept of availability or reliability is not enough to describe the state of attacked or failed systems. How to assess and evaluate system survivability effectively and efficiently is an urgent and crucial issue.

4 Motivation
Computerized systems do not have only two states, functional and malfunctioning. Previous measurements of network survivability are either rather sparse or hard to understand. We try to propose a flexible, simple, and brand-new metric of network survivability.

5 Concept of DOS

6 Introduction to DOS
DOS stands for Degree of Separation (its meaning is the same as Degree of Segmentation, Degree of Segregation, and Degree of Disconnectivity). This metric is used to measure the damage of a given network. The larger the DOS value, the greater the damage to the network. If a DOS value is larger than the established threshold, the network is compromised.

7 Illustration of DOS_{O-D} pair (cont'd)
[Figure: attacked networks between origin O and destination D]
After attack: Cp = 1M+6ε, DOS_{O-D} = 1
After attack: Cp = 1M+8ε, DOS_{O-D} = 1
DOS_{O-D} =

8 Illustration of DOS_network (2)
[Figure: network with OD pairs O1-D1 and O2-D2, shown intact and after attack]
Intact network: DOS_{O1-D1} = 0, DOS_{O2-D2} = 0, DOS_network = 0
After attack: DOS_{O1-D1} = 1, DOS_{O2-D2} = 1, DOS_network = (1+1)/2 = 1

9 Problem Formulation Model 1

10 Problem Description
The field of network survivability discussed here focuses on network connectivity. Taking the attacker's view, we try to determine the minimal attack cost needed to compromise a target network. We use the concept of DOS to calculate network survivability. If DOS_network is larger than a given parameter, S, we are certain that the network survivability is below the security standard.

11 Problem Assumptions
The survivability metric is measured as the connectivity of each OD pair in a network.
Any two nodes in the network can form an OD pair.
The attacker and the defender have complete information about the targeted network topology.
We consider a bounded network.
We consider node attacks only. If a node is broken, its adjacent outgoing links are subsequently not functional.
We consider malicious attacks only.
The defender's budget allocation strategy is a given parameter.

12 Given Parameter
Notation: Description
V: The index set of all nodes in the network
L: The index set of all links in the network
W: The index set of all origin-destination pairs in the network
OUT i: The index set of outgoing links of node i, where i ∈ V
Pw: The index set of all candidate paths of an OD pair w, where w ∈ W
M: A large enough number that denotes the link is disconnected; i.e., the arc weight if the link is broken
ε: A small enough number that denotes the link is functional
δpl: An indicator function, which is 1 if link l is on path p, and 0 otherwise, where l ∈ L, p ∈ Pw
bi: The budget allocated to node i
S: The threshold of total network damage
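
Added example (not from the original slides): evaluating DOS_network for a given set of compromised nodes, using the link-cost convention from the parameter table (ε for a functional link, M+ε for an outgoing link of a compromised node) and comparing the result with the threshold S. It assumes the DOS of an OD pair is the number of M terms in the minimum path cost Cp, which matches Cp = 1M+6ε giving DOS = 1 on slide 7; the topology, the concrete values of M and ε, and all function names are constructed for illustration.

```python
import heapq

M = 1_000_000  # weight marking a broken link (concrete value is an assumption)
EPS = 1        # weight of a functional link (concrete value is an assumption)

# Constructed sample topology: undirected edges expanded to directed links.
EDGES = [("O1", "A"), ("O2", "A"), ("O2", "C"), ("A", "B"), ("A", "C"),
         ("B", "D1"), ("B", "D2"), ("C", "D1"), ("C", "D2")]
LINKS = [l for a, b in EDGES for l in ((a, b), (b, a))]
OD_PAIRS = [("O1", "D1"), ("O2", "D2")]

def link_costs(links, compromised):
    """cl = EPS if link l works, M + EPS if its tail node is compromised."""
    return {(u, v): (M + EPS if u in compromised else EPS) for u, v in links}

def min_path_cost(costs, origin, dest):
    """Dijkstra over the directed links; returns Cp of the minimum cost path."""
    adj = {}
    for (u, v), c in costs.items():
        adj.setdefault(u, []).append((v, c))
    dist, heap = {origin: 0}, [(0, origin)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dest:
            return d
        if d > dist[u]:
            continue  # stale queue entry
        for v, c in adj.get(u, []):
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    raise ValueError(f"no candidate path from {origin} to {dest}")

def dos_od(costs, origin, dest):
    """Assumed reading: DOS of an OD pair = number of M terms in Cp."""
    return min_path_cost(costs, origin, dest) // M

def dos_network(links, od_pairs, compromised):
    """Average DOS over all OD pairs, as in (1+1)/2 on slide 8."""
    costs = link_costs(links, compromised)
    return sum(dos_od(costs, o, d) for o, d in od_pairs) / len(od_pairs)

def below_standard(links, od_pairs, compromised, S):
    """True when DOS_network exceeds the threshold S."""
    return dos_network(links, od_pairs, compromised) > S

if __name__ == "__main__":
    for hit in (set(), {"B"}, {"A"}, {"A", "C"}):
        print(sorted(hit), dos_network(LINKS, OD_PAIRS, hit))
```

Losing node B alone leaves both OD pairs with an unbroken route, while losing node A separates O1 from D1 only, so the averaged metric distinguishes partial from total damage.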

13 The upper bound of S Linear Topology: Ring Topology:
N: the number of nodes in a network L: the number of links in a network

14 Decision Variable
Notation: Description
yi: 1 if node i is compromised, and 0 otherwise, where i ∈ V
twl: 1 if link l is used by an OD pair w, and 0 otherwise, where l ∈ L, p ∈ Pw
xp: 1 if path p is chosen, and 0 otherwise, where p ∈ Pw
cl: Cost of link l, which is ε if link l is functional, and M+ε if link l is broken, where l ∈ L

15 Objective function (IP 1)
(IP 1) minimizes the total attack cost from the attacker's point of view. That is, the attacker minimizes the objective value by deciding which nodes should be compromised, denoted by yi.

16 Constraints (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4) (IP 1.5) (IP 1.6)
(IP 1.1) defines the cost of link l, which is ε if link l is functional, and M+ε if link l is broken. To simplify the problem-solving process, we slightly adjust this constraint from an equation into an inequality, i.e. from '=' into '≦'.
(IP 1.2) requires that the selected path for an OD pair w be the minimum cost path.
(IP 1.3) is the relationship between twl and xpδpl. We use the auxiliary set of decision variables twl to replace the sum of all xpδpl in order to simplify the problem-solving procedure. Here too, we slightly adjust the constraint from an equation into an inequality, i.e. from '=' into '≦'.
(IP 1.4) determines whether a target network is compromised or not.
(IP 1.5) and (IP 1.6) jointly require that, for an OD pair w, only one of its candidate paths is selected.
(IP 1.7) determines whether node i is compromised or not.
(IP 1.8) determines whether link l is used to form the minimum cost path of an OD pair w or not.
(IP 1.9) requires that the value of each cl be either 'ε' or 'M+ε'. We add the redundant constraint (IP 1.9) because the Lagrangean relaxation problem needs it.

17 Problem Formulation Model 2

18 Problem Description
How does a network operator allocate defense budget to a network to maximize the defense effect? We will dispense defense budget to each vulnerable node so effectively and efficiently that a potential attacker must increasingly boost his/her attack cost. A smart attacker also increasingly explores ways to minimize his/her attack cost. A problem with max-min structure will be formed in Model 2.

19 Problem Assumptions
The survivability metric is measured as the connectivity of each OD pair in a network.
Any two nodes in the network can form an OD pair.
The attacker and the defender have complete information about the targeted network topology.
We consider a bounded network.
We consider node attacks only.
We consider malicious attacks only.
The objective of the attacker is to minimize the total attack cost in the inner problem of Model 2.
The objective of the defender is to distribute the total amount of defense budget effectively so as to maximize the minimal attack cost of the attacker in the outer problem of Model 2.

20 Given Parameter
Notation: Description
V: The index set of all nodes in the network
L: The index set of all links in the network
W: The index set of all origin-destination pairs in the network
OUT i: The index set of outgoing links of node i, where i ∈ V
Pw: The index set of all candidate paths of an OD pair w, where w ∈ W
M: A large enough number that denotes the link is disconnected; i.e., the arc weight if the link is broken
ε: A small enough number that denotes the link is functional
δpl: An indicator function, which is 1 if link l is on path p, and 0 otherwise, where l ∈ L, p ∈ Pw
bi: The budget allocated to node i
S: The threshold of total network damage
B: The total defense budget

21 Decision Variable
Notation: Description
yi: 1 if node i is compromised, and 0 otherwise, where i ∈ V
twl: 1 if link l is used by an OD pair w, and 0 otherwise, where l ∈ L, p ∈ Pw
xp: 1 if path p is chosen, and 0 otherwise, where p ∈ Pw
cl: Cost of link l, which is ε if link l is functional, and M+ε if link l is broken, where l ∈ L
bi: The budget allocated to node i

22 Objective function (IP 2)
(IP 1) To maximize the attacker’s minimal total attack cost.

23 Constraints (IP 2.1) (IP 2.2) (IP 2.3) (IP 2.4) (IP 2.5) (IP 2.6)
Constraints (IP 2.1) ~ (IP 2.9) are the same as (IP 1.1) ~ (IP 1.9) of Model 1. In addition, Model 2 has the following two constraints:
(IP 2.10) reflects our argument that the optimality condition for the defender holds if and only if the total budget, B, is fully used.
(IP 2.11) requires that the decision variables bi be continuous and bounded by 0 and B.

24 Solution Approach Model 1

25 Lagrangean Relaxation Method

26 Constraints of Model 1 (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4) (IP 1.5)
Constraints (IP 1.5) ~ (IP 1.9) of the primal problem remain, denoted as (LR 1) ~ (LR 5) in the LR problem.
(LR 1) (LR 2) (LR 3) (LR 4) (LR 5)

27 Optimization problem (LR)
We relax Constraints (IP 1.1), (IP 1.2), (IP 1.3), and (IP 1.4) of the primal problem (P), each combined with its associated Lagrangean multiplier, to obtain the Lagrangean relaxation problem (LR) as follows: (LR)

28 Sub-problem 1 related to decision variable xp subject to
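The problem decomposes into |W| independent shortest cost path sub-problems; that is, each OD pair individually determines the value of its xp. The multiplier u3 can serve as the cost of link l, and each sub-problem is solved with Dijkstra's shortest path algorithm.
(Sub 1.2) Time complexity: O(|W|×|V|^2)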

29 Sub-problem 2 related to decision variable yi subject to
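Use quick sort to sort the coefficients of yi in ascending order. If the coefficient of yi is positive, set yi to 0; if the coefficient of yi is negative, set yi to 1.
(Sub 2.1) Time complexity: O(|V|^2)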

30 Sub-problem 3 related to decision variable twl, cl subject to
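From (Sub 3.1) and (Sub 3.2), twl and cl each have two possible values, so exhaustive search is used to determine their values, and the problem is further decomposed into |L| small problems to solve.
(Sub 3.1) (Sub 3.2) Time complexity: O(|W|×|L|)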

31 Thank you for your listening.

